
Drive-by attacks, Trojans and code injection the biggest threats, says ENISA

Good news thin on the ground for 2013

Cybercriminals are turning their attention to mobile platforms, cloud computing, social media, critical and trust infrastructure and even big data, according to European Security Agency ENISA’s annual and now rather depressing summary of security industry opinion.

ENISA (European Network and Information Security Agency) pulled together its trends using data collected from 120 security industry reports from 2011-2012, concluding that almost every serious form of threat is increasing and evolving.

The nugget of good news is that a few threats such as search engine poisoning and spam appear to have stabilised. The bad news is that this is the only good news.

During the period, drive-by downloads targeting browsers from compromised websites running exploit kits such as the infamous Black Hole were the top threat, an attack design that moved to target mobile users (read: Android users) during the last year.

In second place were a clutch of sophisticated Trojans, distributed increasingly via social media and to a much smaller extent to mobile platforms, mainly Android.

Third on the list of usual suspects was code injection, specifically SQL injection and cross-site scripting designed to steal credentials such as logins.

Standing back, a lot of these individual threats can be bundled into one larger trend, that of malware-as-a-service (MaaS), by no means a new phenomenon but one that gathered pace in 2012.

Beyond this top three lay a sea of DDoS attack systems and rogue software, not to mention those old favourites, botnets and phishing websites; targeted attacks and security breaches remain an ever-present worry.

Oddly, the report reckons that the threat from ransomware (software that demands payments from victims) is ‘stable’, which flies in the face of more recent evidence that this type of attack has exploded in significance.

What might have caused ENISA to downplay that threat is that its assessment is based on an historical analysis of security reports – few security vendors paid much attention to ransomware until later in the year – and so this phenomenon has probably been under-reported.

ENISA’s recommendations sound like a bit of a cry in the dark, including that the industry needed to find a way to “Collect and develop better evidence about impact achieved by adversaries,” that is, share information on which attacks have worked and why.

But that is an impossible goal as long as organisations are not required to publish detailed analyses of real-world attacks, let alone, in many cases, even mention that they have happened.

The Agency would also like to see organisations adopt a common terminology to describe and discuss threats; today’s vocabulary remains expert-driven, fragmented and often confusing to outsiders.

 


